Email
Share
Feb 03 2011
Last update:

Facebook Inbox Privacy and Security

Filed under: Privacy » Online,

Do Prying Eyes Have Access to Your Facebook Inbox?

Facebook InboxIn short, yes. On August 11th, 2009, Facebook unveiled what they term an Inbox API for their developers. This is basically a framework that allows applications to access and utilize information in your Facebook inbox. The idea is that Facebook apps would be able to utilize this information to, for example, pop-up a message on your desktop when you've received new mail in your Facebook inbox. Or, receive messages directly.

Just how safe is this API? According to Facebook, the applications can only access your inbox if you've granted them an extended permission. But we all know how that goes. How many times have you logged into Facebook only to be greeted with a new privacy announcement? Or maybe you've had some random application you signed up for send you an email or post on your wall and you were surprised that they did?

The Personal Information Market vs. Privacy Concerns

With the growing value of the personal information market (ie. the growing value of your personal data), the balance between businesses leveraging their opportunities to use your data for profit and the need to protect it to satisfy your privacy concerns remains a shaky one. Facebook, along with most other online businesses, stands to make a killing by giving businesses access to your personal information - which they can then use for targeted marketing initiatives. The increased relevance of advertising based on personal data usually results in much higher conversion and sales figures. Just look at how Google has been monetizing its Adwords/ Adsense programs (Adsense "senses" the content on a page and uses it to deliver highly targeted ads).

Facebook Privacy - Does it Exist?

While Facebook is constantly under pressure from Washington to keep your personal data secure and away from prying eyes, there will always be the profit incentive. For this reason, you'll probably see Facebook only do the absolute minimum to protect your information.

The Facebook Inbox API

The access developers of Facebook apps have to your inbox is only the beginning, but your inbox also contains potentially some of the most sensitive information in your account. On the Facebook Inbox API page for developers, you'll note that they write:

To access information about a user's Inbox, you'll query any of three new FQL tables:

  • mailbox_folder: This table gives you information about a user's folders; currently all users have three folders: Messages (inbox), Sent (outbox), and Updates.
  • thread: This table gives you information about specific threads. For example, you can get information about recipients of a thread, whether a group or event sent the thread, when it was last updated, the subject, whether it is currently unread, and more.
  • message: This table allows you to get information about each message in a thread. You can get information about who wrote the message, the content of the message and also information about the attachment to the message, if it exists, in the same format as attachments are returned in the stream.

As you can see, the framework for accessing your inbox content is in place. While recent privacy reform measures have curtailed the access developers have to your inbox, the capability is still there. Which leads us to our conclusion:

Don't Post Any Sensitive Information on Facebook

Or anywhere online for that matter. No matter how tightly controlled an online service's privacy policy may be, your personal information will never be 100% safe from prying eyes. Facebook is a great service that helps you connect with your friends and colleagues, and we are thankful for all the hard work that's gone into it. But we are also growing increasingly weary of the growing privacy concerns that are being raised, not the least of which is the access apps may have to your inbox.

In our opinion, a perfect Facebook would default to not allowing access to any of your information, and you would carefully choose who and what access what and when they have access to it. Right now, it's the other way around - Facebook grants access by default, and waits for you to adjust a setting (which is somewhat difficult to find) that will prevent access.

We can only hope that by making our privacy concerns heard, we can help make Facebook more secure, and thereby in the long run make it a more viable service for all, and ultimately, help it survive (just look at the thousands of people that have quit Facebook as a result of its privacy issues).

Your rating: None Average: 2 (14 votes)
View CommentsView CommentsPost a CommentPost a Comment

Your rating: None Average: 2 (14 votes)
Comments

facebook messaging

Submitted by Anchoveta on December 3, 2011 - 8:46am.

Facebook privacy not the best in the business. I love this post. It’s very insightful and I’ve learned a lot. Will not use facebook for sensitive information!

I knew it!

Submitted by a seeker of security on July 7, 2011 - 6:28pm.

I always wondered how secure my FB inbox emails were. Now I know! Never using FB inbox again, at least not for sensitive info...

Facebook privacy is a joke

Submitted by a seeker of security on June 16, 2011 - 6:43pm.

The joke's on you when it comes to Facebook privacy. Some news piece from the BBC I was reading the other day about hacking mentioned how easy it can be to gain access to personal Facebook data. Heck, half the time if you don't bother adjusting your privacy settings accordingly, your data is public by default.

Facebook photo tagging

Submitted by a seeker of security on June 10, 2011 - 4:07am.

Ah, here we go again. And didn't FB just get in trouble for their new tagging system (which lets your friends tag you in photos, and then does an "auto recognition" of you in new photos - creepy!).

Facebook, Google, etc. - who needs them?

Submitted by a seeker of security on April 21, 2011 - 1:32pm.

Facebook, Google, and all you privacy violating bastards can get out and go home. I've had enough of having my personal info plastered all over the digital world for people to see. I'm going off the grid...

Facebook Privacy Lawsuit?

Submitted by a seeker of security on March 28, 2011 - 11:06pm.

I agree - my one beef with Facebook is the fact that they always appear to setup privacy settings after the fact (ie. after our personal information has already been compromised). To make matters worse, having the platform skewed to advertiser interests results in settings changes being made on a regular basis that are a detriment to our personal privacy interests.

For example - the email field in our personal profile used to be an image, to prevent spammers and harvest bots from picking it up. But apparently this field also carries inherent value to advertisers, so now they've reverted it back to a text field that can be read by anyone, including computer programs.

I think Facebook is ripping itself a new one by doing this. They're going to scare away not only existing users, but are going to fail to convert non-users if they keep up these non-transparent, profit-entrenched privacy policies.

Facebook privacy = FAIL

Submitted by a seeker of security on December 28, 2010 - 7:09pm.

Are you kidding me? Facebook is the worst example of privacy invasion I've ever come across. I thought Google was bad with all of their intrusions and cross-matching of information from its users on Gmail and related services. But Facebook takes the cake in that it doesn't even give users the option half the time of opting out.

Just like the article in Business Week, I predict that social media participation will peak, and potentially decrease a bit over the coming years.

Post new comment
  • Lines and paragraphs break automatically.
  • Textual smileys will be replaced with graphical ones.

More information about formatting options

Type the characters you see in this picture. (verify using audio)
Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.